Array Index Vulnerability in Linux Kernel Networking Component
CVE-2024-57996
Summary
A vulnerability in the Linux kernel's packet scheduling implementation can lead to an array index out-of-bounds condition. With a limit of one packet, the scheduler may incorrectly manage queued packets, resulting in potential system crashes. This issue arises when the token bucket filter (TBF) and stochastic fair queueing (SFQ) interact under specific conditions, leading to packet drops and eventual underflow errors within the scheduling queue. This bug exemplifies the critical importance of rigorous boundary checks in network components to enhance system stability and security.
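A configuration audit for the condition described above, as an added example that is not part of the advisory or the kernel project's code. It assumes the one-packet limit refers to the SFQ qdisc's `limit` parameter as printed by `tc qdisc show`; the sample output is constructed.

```shell
#!/bin/sh
# Added example: flag SFQ qdiscs whose limit is one packet.
# Input: text in the format printed by `tc qdisc show`.

# Constructed sample, not captured from a real host.
SAMPLE_TC_OUTPUT='qdisc noqueue 0: dev lo root refcnt 2
qdisc tbf 1: dev eth0 root refcnt 2 rate 1Mbit burst 1600b lat 50.0ms
qdisc sfq 10: dev eth0 parent 1:1 limit 1p quantum 1514b depth 127 divisor 1024
qdisc sfq 8001: dev eth1 root refcnt 2 limit 127p quantum 1514b depth 127 divisor 1024'

# Print "<dev> <handle> <parent>" for every sfq qdisc with limit 1p.
find_sfq_limit_one() {
    awk '
        $1 == "qdisc" && $2 == "sfq" {
            dev = ""; parent = "root"; limit = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "parent") parent = $(i + 1)
                if ($i == "limit")  limit = $(i + 1)
            }
            if (limit == "1p") print dev, $3, parent
        }'
}

# Return 0 when clean, 1 when at least one one-packet SFQ qdisc is found.
audit_sfq() {
    hits=$(find_sfq_limit_one)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while read -r dev handle parent; do
        echo "WARN: sfq $handle on $dev (parent $parent) has limit 1p"
    done
    return 1
}

# Run on the constructed sample; on a live host: tc qdisc show | audit_sfq
printf '%s\n' "$SAMPLE_TC_OUTPUT" | audit_sfq || echo "review the qdiscs listed above"
```

The SFQ qdisc flagged in the sample sits under a TBF parent (`parent 1:1`), which is the pairing the summary describes.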
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 35d0137305ae2f97260a9047f445bd4434bd6cc7
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 833e9a1c27b82024db7ff5038a51651f48f05e5e
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7d8947f2153ee9c5ab4cb17861a11cc45f30e8c4